Upstream information
Description
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.SUSE information
Overall state of this security issue: Does not affect SUSE products
SUSE Bugzilla entry: 1258127 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Thu Feb 12 08:02:25 2026CVE page last modified: Fri May 8 11:21:20 2026